WHAT IS CLAIMED IS: 



l.\ A system for securely transmitting and storing data 
comprising : 

a client arrangement which encrypts sensitive data 
using a\first key to generate pre-encrypted sensitive data, 
the clieriH; encrypting non-sensitive data and the pre-encrypted 
sensitive d^ta using a second key; and 

a pvrivate network arrangement including: 

record database including a set of records, 
a\key-store database including a set of third 
key^ which are encrypted using a fourth key, 
a fu2\y signature database including signature 
vectors\yhich are encrypted using the first 
key, 

a permissiofk database including authorization 
information, and 

an application server locating one of the 
signature vectors Vn the fuzzy signature 
database which subst>ant ially corresponds to a 
query request, performing at least one 
relational database operation on an encrypted 
query request, and determisiiing if a first user 
is authorized to perform an\pperation, using 
the authorization information; 

wherein, if the first userXis authorized, 
the application server obtaJSis the fourth 
key for decrypting a particular key of the 
third keys which corresponds toVparticular 
information for a second user starred in 
the key- store database, and 




\ wherein the application server decrypts 

\ the sensitive data obtained from the 

\ record database using the particular key. 

2. The system of claim 1, further comprising: 

\ a communication network arrangement connecting the 
private Nnetwork arrangement to the client arrangement . 

3. The syst^em of claim 2, wherein the communication network 
arrangement J^s a public network arrangement. 

4. The system ok claim 3, further comprising: 

an inteVface server connecting the public network 
arrangement to the Vrivate network arrangement. 

5. The system of claim V, further comprising: 

a verification V)rocessor authenticating the 
interface server. \ 

6. The system of claim 1, wherfein the records include non- 
privileged user records and privileged user records. 

7. The system of claim 1, wherein trie first key is a public 
key of the first user. . V 

8. The system of claim 1, wherein the second key is a public 
key of the application server. \ 

9. The system of claim 1, wherein the third key's include 
private keys, each key corresponding to a separaite user. 
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ilO. The system of claim 1, wherein the fourth key is a key- 
atore master key which is utilized for accessing the key-store 
database . 

11. \a system for performing a secure transfer of client data, 
compr losing : 

a Vlient arrangement which encrypts sensitive data using 
a first ftey to generate pre-encrypted sensitive data, the 
client arrangement encrypting non- sensitive data and the pre- 
encrypted sansitive data using a second key to generate the 
client data . \ 

12. The system\pf claim 11, wherein the first key is a public 
key of a user. \ 

13. The system of oiaim 11, wherein the second key is a 
public key of the appMcation server. 

14. A method for performing a secure transfer of client data, 
comprising the steps of : \ 

encrypting sensitiVe data of the client data using a 
first key to generate pre-encrypted data; and 

encrypting non-sensit\ve data of the client data and 
the pre-encrypted data using a second key. 

15. The method of claim 14, whereinXthe first key is a public 
key of a user. \ 

16. The method of claim 14, wherein the Ifeecond key is a 
public key of an application server. \ 
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1"? . A system for generating and storing encrypted data, 
cort^prising : 

a record database which includes a set of records; 
a fuzzy signature database; and 

an application server performing the following: 
generating a first set of trigrams for each 
record of the records, 

sorting the first set of trigrams for each 
record of the records, 

enerating signature vectors using the first 
sa^t of trigrams, 

wherein one of the signature vectors is 

ssigned to a respective record residing 
iri the record database, 
encryptirag the signature vectors using a key to 
generate encrypted vectors, wherein one of the 
encrypted vo^ctors is assigned to the respective 
record, and 

storing the encrypted vectors in the fuzzy 
signature databas^e 



18. The system according to claim\l7, wherein the application 
server : 

generates a second set of tfsigrams for a fuzzy 
query, sorts the second set of Vrigrams, 

computes a query vector using t^je second set of 

trigrams , 

encrypts the query vector using th^ key to generate 
an encrypted fuzzy query vector, and 
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\ locates a particular vector of the encrypted vectors 

iA the fuzzy signature database which substantially 
coiVesponds to the encrypted fuzzy query vector. 

19. "TUie system of claim 17, wherein the first set of trigrams 
is sort^ed alphabetically. 

20. The system of claim 18, wherein the second set of 
trigrams is Nsorted alphabetically. 

21. The systerrKof claim 17, wherein the record database 
includes non-pri-^leged user records and privileged user 
records . \ 

22. The system of clasim 18, wherein the key is a public key 
of a user. \ 

23. A method for generating and storing encrypted data, 
comprising the steps of : \ 

generating a first aiet of trigrams for each record 
of a record database, the recoird database including a 
plurality of records; \ 

for each record of the records, sorting the first 
set of trigrams; \ 

generating signature vector^ using the first set of 
trigrams, wherein one of the signature Vrectors is assigned to 
a respective record of the records; \ 

encrypting the signature vectors^ using a key to 
generate the encrypted vectors, wherein one\of the encrypted 
vectors is assigned to the respective record\ and 
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\ storing the encrypted vectors in a fuzzy signature 

database . 

24. iThe method of claim 23, further comprising the steps of: 

\ generating a second set of trigrams for a fuzzy 
\ query; 

\ sorting the second set of trigrams; 

oomputing a query vector using the second set of 
trigrams; \ 

encrvypting the query vector using the key to 
generate an encVypted fuzzy query vector; and 

locating a particular vector of the encrypted 
vectors in the fuz\y signature database which substantially 
corresponds to the ericrypted fuzzy query vector. 

25. The method of clain\23, wherein for each record of the 
records, the first set of Vrigrams is sorted alphabetically. 

26. The method of claim 24, Wierein the second set of 
trigrams is sorted alphabet ical\y . 

27. The method of claim 23, wherern the records include non- 
privileged user records and privileged user records. 

28. The method of claim 24, wherein the\)cey is a public key 
of a user. \ 

29. A system for searching a record database V/hich includes a 
plurality of records, each of the records incluciing encrypted 
sensitive data, the system comprising: \ 
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X an application server encrypting a search query 

whi^h includes sensitive information using a key to generate 
an encrypted search query, and locating a particular record of 
the records in the record database if the sensitive 
information of the particular record substantially corresponds 
to the Vncrypted sensitive information of the encrypted search 
query. \ 

30. The sysoem of claim 29, wherein the record database 
stores non-pri^leged user records and privileged user 
records . \ 

31. The system of cSLaim 29, wherein the key is a public key 
of a user. \ 

32. A method for searching a record database which includes a 
plurality of records, each Osf the records including encrypted 
sensitive data, the method coitorising the steps of: 

encrypting a search qkery which includes sensitive 
information using a key to generate an encrypted search query; 
and \ 

locating a particular record of the records in the 
record database if the sensitive information of the particular 
record substantially corresponds to the ericrypted sensitive 
information of the encrypted search query. \ 

33. The method of claim 32, wherein the recorci database 
stores non-privileged user records and privilegeci user 
records . \ 
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3^ . The method of claim 32, wherein the key is a public key 
orVa user. 

35. \a system for accessing encrypted sensitive data in a 
record database which includes a plurality of records, the 
systemNcomprising : 

\ a permission database including authorization 
information ; and 

anv application server performing the following: 

\ checking the permission data in the database to 
determine if a first user is authorized to 
poxform a particular operation, 
obtaining a first key if the first user is 
autho^rized to perform the particular operation, 
obtainisng a second key using the first key, 
decrypting the second key which corresponds to 
inf ormatioisi for a second user, and 
decrypting t^e encrypted sensitive data in the 
record databas^ using the second key. 

36. The system of claim 35, wherein the second key is located 
in a key-store database. \ 

37. The system of claim 35, wherein the first key is a key- 
store master key. \ 

38. The system of claim 35, wherein the second key is a 
private key of a user. \ 
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59. A method for accessing encrypted sensitive data in a 
record database which includes a plurality of records, 
con\prising the steps of : 

\ checking a permission data in the database to 

deterr^jine if a first user is authorized to perform a 
particuJar operation; 

\ obtaining a first key if the first user is 
authorizeov to perform the particular operation,; 

ojfetaining a second key using the first key, 
decrypting the second key which corresponds to information for 
a second user ;\ and 

decrypting the encrypted sensitive data in the 
record database uSsing the second key. 

40. The method of c\aim 39, wherein the second key is located 
in a key-store databaste. 

41. The method of claim \ 0 , wherein the first key is a key- 
store master key. \ 

42. The method of claim 40, wherein the second key is a 
private key of a user. \ 

43. A machine-readable medium having stored thereon data 
representing sequences of instruct ionsy the sequences of 
instructions including particular instrxact ions which, when 
executed by a processor connected to a co^imunicat ion network, 
cause the processor to perform the steps ors: 

encrypting sensitive data of a client data using a 
first key to generate pre -encrypted data; and \ 
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encrypting non-sensitive data of the client data and 
he pre-encrypted data using a second key. 



44 A A machine -readable medium having stored thereon data 
representing sequences of instructions, the sequences of 
instrucst ions including particular instructions which, when 
executed\by a processor connected to a communication network, 
cause the Vrocessor to perform the steps of: 

geraerating a first set of trigrams for each record 
of a record database, the record database including a 
plurality of reoords; 

for eaclkrecord of the records, sorting the first 
set of trigrams; \ 

generating signature vectors using the first set of 
trigrams, wherein one or\.the signature vectors is assigned to 
a respective record of thes. records ; 

encrypting the signature vectors using a key to 
generate encrypted vectors, wherein one of the encrypted 
vectors is assigned to the respe>ctive record; and 

storing the encrypted vesctors in a fuzzy signature 
database . \ 

45. A machine -readable medium having sHiored thereon data 
representing \sequences of instructions.,^, ohe . sequences of 
instructions including particular instructions which, when 
executed by a processor connected to a commuriicat ion network, 
cause the processor to perform the steps of: \ 

encrypting a search query which incluofes sensitive 
information using a key to generate an encrypted search query; 
and \ 
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\ locating a particular record of records in a record 

database if the sensitive information of the particular record 
substrantially corresponds to the encrypted sensitive 
inf ormastion of the encrypted search query. 

46. A macnine- readable medium having stored thereon data 
represent ing sequences of instructions, the sequences of 
instructions inoluding particular instructions which, when 
executed by a processor connected to a communication network, 
cause the processor\x) perform the steps of: 

checking a pesrmission data in the database to 
determine if a first user\^is authorized to perform a 
particular operation; \ 

obtaining a first key if the first user is 
authorized to perform the partic\ilar operation; 

obtaining a second key u^ing the first key, 
decrypting the second key which corresponds to information for 
a second user; and \. 

decrypting the encrypted sensitaSve data in the 
record database using the second key, \ 
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